IN THE CLAIMS

Please amend the claims as follows. 

1. (Currently Amended) A method for generating temporarily assigned identity
information, comprising: 

authenticating identity information associated with a request received from a 
requestor for accessing a service, wherein the request is sent from the requestor to the 
service and intercepted for processing unbeknownst to the requestor;

generating temporarily assigned identity information for the requestor, wherein 
the temporarily assigned identity information is in a syntax and format recognized by the 
service, and wherein the temporary assigned identity information is unique to the request
and expires when the request expires or when the requestor logs out or terminates a
communication session associated with the service;

updating a protected identity directory with the temporarily assigned identity 
information; and 

directly transmitting the request and the temporarily assigned identity information
to the service on behalf of the requestor, wherein the service accesses the protected 
identity directory with the temporarily assigned identity information to authenticate the 
requestor for access, and wherein the temporarily assigned identity information is in a 
syntax and semantic format recognized and expected by the service for authenticating 
access to the service. 

2. (Original) The method of claim 1 further comprising: 

generating a mapping between the identity information and the temporarily 
assigned identity information; and 

storing the mapping in a local identity mapping store.

3. (Original) The method of claim 2 further comprising, synchronizing the local
identity mapping store and the mapping with one or more addition local identity mapping 
stores. 

4. (Original) The method of claim 1 wherein the generating further includes 
assembling an aggregate identity configuration for the requestor from one or more 
authoritative identity stores before generating the temporarily assigned identity 
information. 

5. (Original) The method of claim 1 further comprising, removing the temporarily
assigned identity information from the protected identity directory after detecting a 
terminating event that terminates the authenticity of the temporarily assigned identity 
information. 

6. (Original) The method of claim 5 further comprising recycling a storage space
occupied by the temporarily assigned identity information for use in a subsequent 
iteration of the method. 

7. (Original) The method of claim 1 further comprising: 

detecting dynamic changes made on at least a portion of the identity information, 
wherein the changes are detected within the protected identity directory; and 

synchronizing the temporarily assigned identity information with the changes. 

8. (Original) The method of claim 1 further comprising:

detecting dynamic changes made on at least a portion of the identity information, 
wherein the changes are detected within the protected identity directory; and 

synchronizing the changes with one or more authoritative identity stores impacted 
by the changes. 

9. (Original) The method of claim 1 further comprising:

detecting changes made on at least a portion of the identity information, wherein
the changes are detected within the protected identity directory; and 

logging the changes for subsequent update with one or more authoritative identity 
stores impacted by the changes. 

10. (Currently Amended) A method for generating temporarily assigned identity 
information, comprising: 

acquiring a request for a service from a requestor and unbeknownst to the 
requestor that makes the request directly to the service; 
authenticating the request; 

compiling an identity configuration for the request; 

generating temporarily assigned identity information for the request using the 
identity configuration; and 

directly transmitting the temporarily assigned identity information and the request 
to the service on behalf of the requestor, wherein the temporarily assigned identity 
information is in a syntax and semantic format recognized by the service for 
authenticating the requestor for access to the service, and wherein the temporary assigned
identity information is unique to the request and expires when the request expires or
when the requestor logs out or terminates a communication session associated with the
service.

11. (Previously Presented) The method of claim 10 wherein acquiring further
includes, transmitting the request, wherein the request originates from a requestor's
service over an insecure network.

12. (Original) The method of claim 10 wherein the transmitting further includes, 
transmitting the temporarily assigned identity information and the request to the service 
within a secure network.

13. (Original) The method of claim 10 further comprising accessing, by the service, a
protected identity directory to authenticate the request using the temporarily assigned 
identity information. 

14. (Original) The method of claim 10 further comprising: 

acquiring an additional request issued from a same-requestor that is associated 
with the request, wherein the additional request is for an additional service; 
authenticating the additional request; and 

transmitting the temporarily assigned identity information and the additional 
request to the additional service. 

15. (Original) The method of claim 10 further comprising, forcing the temporarily 
assigned identity information to expire upon detection of a terminating event. 

16. (Previously Presented) The method of claim 10 wherein the compiling further
includes aggregating identity policies from one or more authoritative identity stores, 
wherein the identity policies are associated with the requestor that issued the request for 
the service. 

17. (Currently Amended) An identity information management system, comprising:

a proxy server that intercepts requests made for services, wherein the requests are
associated with requestors, and wherein the requests are made from the requestors
directly to the services and are processed by the proxy server unbeknownst to the
requestors that made them;

a local identity mapping store for housing mappings between temporarily 
assigned identity information and identity configurations, the temporarily assigned 
identity information and the identity configurations are generated from identity 
information provided with the requests; and 

a protected identity directory updated with the temporarily assigned identity 
information and accessed by the services in order to authenticate the requests, wherein 
the requests and the temporarily assigned identity information are directly transmitted to 
the services on behalf of the requestors by the proxy server and wherein the temporarily
assigned identity information is in a syntax and semantic format recognized by the
services for authenticating access to the services, and wherein the temporary assigned
identity information is unique to each of the requests and expires when the requests
expire or when the requestor logs out or terminates communication sessions associated
with the services.

18. (Original) The identity information management system of claim 17 further 
comprising a local identity mapping store synchronizer that synchronizes the mappings in 
the local identity mapping store with one or more additional local identity mapping 
stores. 

19. (Original) The identity information management system of claim 17 wherein the 
local identity mapping store, the protected identity mapping store, and the services are 
accessible from a secure network. 

20. (Original) The identity information management system of claim 17 wherein the 
identity configurations are generated from one or more authoritative data stores
associated with the requestors.

21. (Original) The identity information management system of claim 17, wherein the
identity information includes at least one of an identification, a password, a certificate, a
token, a biometric value, a hardware value, a network connection value, and a time value.

22. (Original) The identity information management system of claim 17, the 
temporarily assigned identity information is monitored and removed them from the 
protected identity directory and the local identity mapping store when terminating events 
are detected. 



23. (Original) The identity information management system of claim 17, wherein the 
temporarily assigned identity information is randomly or deterministically generated.

24. (Original) The identity information management system of claim 17, a storage
space associated with the temporarily assigned identity information is recycled or reused. 

25. (Currently Amended) A data store residing in a computer-readable medium, for 
managing identity information, the data store comprising: 

identity configuration information generated in response to a request made from a 
requestor for a service, wherein the request is made from the requestor directly to the 
service and the identity configuration information is generated unbeknownst to the

temporarily assigned identity information generated for the identity configuration
and used by the service for authenticating the requestor, wherein the temporarily assigned
identity information is sent to the service unbeknownst to and on behalf of the requestor
and the temporarily assigned identity information is in a syntax and semantic format
recognized by the service for authenticating the requestor for access to the service, and
wherein the temporary assigned identity information is unique to the request and expires
when the request expires or when the requestor logs out or terminates a communication
session associated with the service.

26. (Original) The data store of claim 25 further comprising a mapping that links the 
identity configuration with the temporarily assigned identity information, wherein the 
mapping is accessed for transmitting the temporarily assigned identity information along
with the request to the service on behalf of the requestor. 

27. (Original) The data store of claim 26 wherein the mapping is accessed for 
purposes of updating a protected identity directory that is accessed by the service in order 
to authenticate the request by using the temporarily assigned identity information. 

28. (Original) The data store of claim 26 wherein the identity configuration, the 
temporarily assigned identity information, and the mapping are shared and managed 
within the data store by a managing service and at least one additional service.

29. (Original) The data store of claim 26 wherein the mapping is cached and
accessible for subsequent uses. 

30. (Original) The data store of claim 26 wherein the mapping includes a collection of 
additional identity information which is not part of the identity information sent to the 
requestor. 

31. (Original) The data store of claim 25 wherein the temporarily assigned identity
information is a subset of identity information associated with the requestor. 

32. (Original) The data store of claim 25 wherein the data store is a local identity
mapping data store managed by a managing service and the data store is synchronized 
with another identity mapping store that is managed by another service. 

33. (Original) The data store of claim 25 wherein the data store cannot be directly 
accessed by the service. 

34. (Original) The data store of claim 25 wherein the data store is directly accessed by 
the service. 



